People had long forgotten how to read ancient Egyptian hieroglyphs when Napoleon’s army came across a large slab of rock buried under the foundations of a building in the Nile Delta. Thanks to the discovery of the Rosetta Stone, as it came to be known, scholars were able to use the ancient Greek inscription to decipher the hieroglyphs carved into the same stone. Something similar is happening nowadays in smart factories, where machines, which often “speak” different languages, are relying on the digital equivalents of the Rosetta Stone to understand and share information.

Information is the lifeblood of modern manufacturing. Smart factories use technologies such as the Internet of Things (IoT) to connect intelligent machines and systems in order to enable a real-time exchange of information. This facilitates the vertical integration of the departments in an organization, as well as the horizontal integration of business partners across the entire value chain. In other words, smart manufacturing achieves efficiencies by integrating data from multiple technical systems across domains, hierarchies and geographic boundaries. …

International technology standards not only promote best practices in efficiency, trustworthiness and safety, but also they are essential for the removal of technical barriers to trade. They are developed and agreed through a process of consensus that relies on at least some face to face meetings between engineers, scientists, regulators and other experts from all over the world. The COVID-19 pandemic has forced all of these meetings online, which presents challenges when hundreds of experts, most of whom are not native English speakers, come together to identify solutions.

The Australian, Mike Wood, understands these challenges better than most. Wood, who is based near Melbourne, chairs a committee (TC 106) that develops international standards on measurement and calculation methods to assess human exposure to electromagnetic fields. Their work helps governments and bodies like the World Health Organization to make important decisions about public health and safety. In his day job, Wood works for the telecommunications company, Telstra, as Principal for EME Strategy, Governance and Risk Management. …

In the movies, cyber-crime is often portrayed as a modern-day Western, with good and bad nerds shooting code at each other instead of bullets. The truth is far more mundane. Very often data breaches happen simply because employees are negligent or make mistakes.

According to a report from IBM and the Ponemon Institute, human error was responsible for nearly a quarter of all data breaches between July 2018 and April 2019. The best way to mitigate that risk is with a holistic strategy that addresses technology, people, practices and procedures.

Importance of strong leadership

Ensuring those practices and procedures are properly maintained relies on an efficient governance model, such as the one outlined in ISO/IEC 27014. This standard defines cybersecurity governance as the “system by which an organization’s information security systems are directed and controlled”. It requires strong leadership from the top of the organization. Ultimately, though, it is the job of all managers to implement the relevant policies and principles in their departments. Unfortunately, senior executives in some organizations continue to believe that cybersecurity is a problem for the IT Department, rather than a leadership issue. …

Choosing the right media channels to reach your stakeholders and clients is a tough challenge because it is easy to get wrong. It is even harder for small teams with limited resources.

A website and corporate presence on the most relevant social media platforms — usually Facebook, LinkedIn, Twitter and YouTube — provide the backbone, but sooner or later you will need to weigh the pros and cons of adding other products and services to the mix, perhaps a blog, newsletter or podcast.

It is essential that you base any decisions on a well-defined strategy that clearly identifies your target audiences and takes into account your team’s skills base and available resources. You need SMART goals and relevant metrics for assessing your success at delivering the right messages to the right audiences. …

A new generation of malware is specifically targeting the industrial automation and control systems (IACS) used in critical infrastructure. These systems include the supervisory control and data acquisition (SCADA) technology and human machine interfaces (HMI) that are at the very heart of the assets that keep modern society safe and functioning, affecting everything from food and water to manufacturing plants and power installations.

Probably the best-known cyber-attack on critical infrastructure took place in Ukraine in 2015, when hackers successfully infiltrated the electric utility’s SCADA system. Key circuit breakers were tripped, and the SCADA system was turned into a “brick”, causing a system-wide power blackout. It left nearly a quarter of a million people without electricity, in the middle of winter, for up to six hours. …

The European Union’s General Data Protection Regulation (GDPR) has transformed the way data is treated, as businesses around the world are avoiding the additional costs of managing different data regimes. Comparable laws giving local residents more control over their data are now starting to come into effect in other countries. For example, the California Consumer Privacy Act (CCPA) gives their residents the power to demand the deletion of information.

Different kinds of legal risk

Regulatory compliance is not the only challenge. Litigation poses a serious threat to organizations, especially in cases where customers, employees or business partners suffer actual financial losses — for example, in the case of criminals taking advantage of poor security to steal credit card information. The phrase ‘actual financial losses’ can also refer to a drop in a company’s share price. This was the case, for example, when Yahoo shareholders brought a class action lawsuit after the company’s market value dropped as a result of criminals taking advantage of poor security to steal sensitive data. …

A recent survey in the US showed that manufacturers are increasingly under threat from cyber attacks. Half of the companies that took part admitted they had suffered a data breach or cyber attack in the previous 12 months. It is part of a global trend as the growth of the Industrial Internet of Things (IIoT) brings numerous benefits but also increases the vulnerability of industry to cyber attacks.

The chief motivations for hackers targeting the manufacturing industry are reportedly financial gain and industrial espionage. …

In December 2015, with temperatures struggling to stay above freezing, Ukraine experienced an unprecedented cyber attack on its energy grid. The assault left nearly a quarter of a million people without electricity for up to six hours. It demonstrates the very real threat of an attack cutting off the supply of electricity to our homes, schools, hospitals and factories, with potentially catastrophic results. It is believed the hackers had managed to infiltrate the security of three substations with spear phishing emails, hiding their so-called BlackEnergy malware in fake Microsoft Office attachments.

Incidents such as the attack in Ukraine demonstrate that electricity grid faces a tangible threat. If we have learned a lesson, it is that cyber security requires a holistic approach that incorporates not only technology, but also processes and especially people. …